Configuring new certificates for all Knack Apps - When certs expire!

How to re-configure SSO in Knack when certs expire in Mid June

This scenario happens every two years when our SSL certificates expire, we have an outlook calendar event notification to remind us when to do this.

  1. Generate new certificates according to our SSL Certificate Creation

  2. Make sure to save those new certificates in One Password with proper formatting

  3. Schedule a meeting with CTM so they can update Azure Active Directory as you update app certificates (this limits or negates any downtime users will have signing into apps)

  4. During the meeting, navigate to a Knack login page with SSO enabled in the builder

  5. Replace the Decryption private certificate and the Decryption public certificates with the new certificates that we just created

  6. Save and test an SSO login page. If you get a Public Key error, CTM will need to recreate the app instance in Azure. Otherwise, update and test each app accordingly until complete

If Testing does result in a Public Key error, continue:

  1. As CTM is recreating the new app instance in Azure, remove the Identity Provider's certificate in Knack and then provide CTM the updated metadata file or link with only the Decryption private and public certificates filled in. All other Provider Settings should remain and stay the same

  2. CTM will add the metadata info to Azure, allowing them to provide you a new metadata file or link with the x509 certificate in it

  3. Verify with CTM that the x509 certificate in the file you received matches the Identity Provider certificate in Azure (by matching the last few characters of the cert)

  4. Copy that x509 certificate from the metadata file or link

  5. Use the X509 Formatter to format the x509 certificate with headers

  6. Add to the Knack Identity Provider's certificate box and save the updated credentials

  7. Test an SSO login page to ensure its working correctly

  8. Add the new unique IP Cert to One Password as your repeat these steps for each Knack app

Possible Errors

Last updated

Was this helpful?